DNS namespace considerations in Win2K

I am in the process of upgrading our corporate domain from NT 4.0 to Windows 2000. My question is regarding choosing the domain name/DNS namespace during the Win2K migration. We are currently on the internet with a registered domain name, <mycompany>.org. What would be the considerations in choosing the internal namespace for our domain? What are the pros and cons of having it the same as our external (registered) namespace? Thanks in advance for your help.

All Comments

DNS namespace considerations in Win2K

I would suggest that you consider using your registered domain on your DMZ and using xyz.yournamespace.com on your internal network. This will give you a lot more security options, such as putting a DNS bastion host on your DMZ. I will add some links for you to read when I get home.

DNS namespace considerations in Win2K

I guess it was more important to reject my answer instead of waiting for me to add the links I told you I would do.

A bastion host is a box that sits outside of your internal network. It is part of your first line of defense against attack. Your internal network will communicate with the external network only through this host. A bastion host can be a DNS server, an SMTP relay server, etc.

There are security advantages of putting a DNS server on the DMZ as a forwarder. When a DNS client in your network sends a recursive query to your internal DNS server, your internal DNS server first checks to see if it is authoritative for the zone for the request. If not, it checks its cache. If the data is not cached, your internal DNS server will issue iterative queries to external DNS servers until the recursion is complete. The IP datagrams from these queries contain information about your internal network: source and destination IP. A hacker could potentially obtain your internal network's service records, host names, etc. By configuring a DNS forwarder on your DMZ, the job of recursion can be passed to the forwarder (disable recursion on your internal DNS), and no internal network information is exposed to the outside.

Setting up your DNS/domain name structure so that your internal network resides on a subdomain of your registered domain name will give you future security options. It's just as easy to set up, and as you must know since you are a Win2K MCSE, you can't change your domain name until .NET arrives, and even then it won't be cake.

Read up - revisit Microsoft course # 1561. Don't bother rating my answer please.
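As an added example that is not part of the original thread: one way to verify the forwarder design described above is to check firewall logs for internal hosts that were allowed to send DNS traffic to anything other than the DMZ forwarder. The addresses, the key=value log format, the sample lines, and the function name `find_dns_leaks` are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed addressing for this sketch (not from the thread).
INTERNAL_NET = ipaddress.ip_network("10.1.0.0/16")      # internal LAN
DMZ_FORWARDER = ipaddress.ip_address("192.168.50.53")   # DNS bastion host on the DMZ

# Constructed sample firewall log lines in a made-up key=value format.
SAMPLE_LOG = """\
2002-03-01T09:00:01 src=10.1.0.10 dst=192.168.50.53 dport=53 proto=udp action=allow
2002-03-01T09:00:01 src=192.168.50.53 dst=198.51.100.4 dport=53 proto=udp action=allow
2002-03-01T09:00:07 src=10.1.0.10 dst=198.51.100.4 dport=53 proto=udp action=allow
2002-03-01T09:00:09 src=10.1.4.77 dst=203.0.113.9 dport=53 proto=tcp action=allow
2002-03-01T09:00:12 src=10.1.4.77 dst=203.0.113.9 dport=80 proto=tcp action=allow
2002-03-01T09:00:15 src=10.1.4.78 dst=203.0.113.9 dport=53 proto=udp action=deny
garbage line that does not parse
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def find_dns_leaks(log_text):
    """Return (src, dst) pairs where an internal host was allowed to send
    DNS traffic to a destination outside the LAN other than the DMZ forwarder."""
    leaks = []
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not {"src", "dst", "dport", "action"} <= f.keys():
            continue  # skip lines that are not in the expected format
        if f["dport"] != "53" or f["action"] != "allow":
            continue  # only permitted DNS traffic (UDP or TCP) matters here
        try:
            src = ipaddress.ip_address(f["src"])
            dst = ipaddress.ip_address(f["dst"])
        except ValueError:
            continue  # malformed address
        # The forwarder itself is expected to query external DNS servers;
        # internal hosts (including the internal DNS server) are not.
        if src in INTERNAL_NET and dst != DMZ_FORWARDER and dst not in INTERNAL_NET:
            leaks.append((str(src), str(dst)))
    return leaks


if __name__ == "__main__":
    for src, dst in find_dns_leaks(SAMPLE_LOG):
        print(f"internal host {src} sent DNS directly to {dst}")
```

Any hit for the internal DNS server's own address means it is still resolving names itself instead of handing the query to the forwarder.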
